New apikeys permissions (#869)
* back-end y ruby test * ruby test * frontend part * delete unused component * resolve relevant github maxi comments * delete .catch of getAllkeys * fix github ivan comments * add ruby test and minor changes * search ruby test * fix name checkticketpermission
This commit is contained in:
Guillermo Giuliana
GitHub
parent
a64c9f2255
commit
b8944a3f04
|
|
@ -4,7 +4,6 @@ import {connect} from 'react-redux';
|
|||
import ConfigActions from 'actions/config-actions';
|
||||
import API from 'lib-app/api-call';
|
||||
import i18n from 'lib-app/i18n';
|
||||
import ToggleButton from 'app-components/toggle-button';
|
||||
import AreYouSure from 'app-components/are-you-sure';
|
||||
import ModalContainer from 'app-components/modal-container';
|
||||
|
||||
|
|
@ -26,10 +25,9 @@ class AdminPanelAdvancedSettings extends React.Component {
|
|||
messageTitle: null,
|
||||
messageType: '',
|
||||
messageContent: '',
|
||||
keyName: '',
|
||||
keyCode: '',
|
||||
selectedAPIKey: -1,
|
||||
APIKeys: []
|
||||
APIKeys: [],
|
||||
error: ''
|
||||
};
|
||||
|
||||
componentDidMount() {
|
||||
|
|
@ -95,7 +93,7 @@ class AdminPanelAdvancedSettings extends React.Component {
|
|||
<Listing {...this.getListingProps()} />
|
||||
</div>
|
||||
<div className="col-md-8 admin-panel-advanced-settings__api-keys__container">
|
||||
{(this.state.selectedAPIKey === -1) ? this.renderNoKey() : this.renderKey()}
|
||||
{this.state.error ? <Message type="error">{i18n(this.state.error)}</Message> : (this.state.selectedAPIKey === -1) ? this.renderNoKey() : this.renderKey()}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -121,13 +119,21 @@ class AdminPanelAdvancedSettings extends React.Component {
|
|||
|
||||
renderKey() {
|
||||
let currentAPIKey = this.state.APIKeys[this.state.selectedAPIKey];
|
||||
|
||||
return (
|
||||
<div className="admin-panel-advanced-settings__api-keys__container-info">
|
||||
<div className="admin-panel-advanced-settings__api-keys-subtitle">{i18n('NAME_OF_KEY')}</div>
|
||||
<div className="admin-panel-advanced-settings__api-keys-data">{currentAPIKey.name}</div>
|
||||
<div className="admin-panel-advanced-settings__api-keys-subtitle">{i18n('KEY')}</div>
|
||||
<div className="admin-panel-advanced-settings__api-keys-data">{currentAPIKey.token}</div>
|
||||
<div className="admin-panel-advanced-settings__api-keys-subtitle">{i18n('PERMISSIONS')}</div>
|
||||
<div className="admin-panel-advanced-settings__api-keys__permissions">
|
||||
<FormField className="admin-panel-advanced-settings__api-keys__permissions__item" value={currentAPIKey.canCreateTickets*1} label={i18n('TICKET_CREATION_PERMISSION')} field='checkbox'/>
|
||||
<FormField value={currentAPIKey.shouldReturnTicketNumber*1} label={i18n('TICKET_NUMBER_RETURN_PERMISSION')} field='checkbox'/>
|
||||
</div>
|
||||
<div className="admin-panel-advanced-settings__api-keys__permissions" >
|
||||
<FormField className="admin-panel-advanced-settings__api-keys__permissions__item" value={currentAPIKey.canCheckTickets*1} label={i18n('TICKET_CHECK_PERMISSION')} field='checkbox'/>
|
||||
<FormField value={currentAPIKey.canCreateUser*1} label={i18n('USER_CREATION_PERMISSION')} field='checkbox'/>
|
||||
</div>
|
||||
<Button className="admin-panel-advanced-settings__api-keys-button" size="medium" onClick={this.onDeleteKeyClick.bind(this)}>
|
||||
{i18n('DELETE')}
|
||||
</Button>
|
||||
|
|
@ -146,7 +152,7 @@ class AdminPanelAdvancedSettings extends React.Component {
|
|||
};
|
||||
}),
|
||||
selectedIndex: this.state.selectedAPIKey,
|
||||
onChange: index => this.setState({selectedAPIKey: index}),
|
||||
onChange: index => this.setState({selectedAPIKey: index, error:''}),
|
||||
onAddClick: this.openAPIKeyModal.bind(this)
|
||||
};
|
||||
}
|
||||
|
|
@ -156,16 +162,33 @@ class AdminPanelAdvancedSettings extends React.Component {
|
|||
<Form className="admin-panel-advanced-settings__api-keys-modal" onSubmit={this.addAPIKey.bind(this)}>
|
||||
<Header title={i18n('ADD_API_KEY')} description={i18n('ADD_API_KEY_DESCRIPTION')}/>
|
||||
<FormField name="name" label={i18n('NAME_OF_KEY')} validation="DEFAULT" required fieldProps={{size: 'large'}}/>
|
||||
<SubmitButton type="secondary">{i18n('SUBMIT')}</SubmitButton>
|
||||
<div className="admin-panel-advanced-settings__api-keys__permissions">
|
||||
<FormField className = "admin-panel-advanced-settings__api-keys__permissions__item" name="createTicketPermission" label={i18n('TICKET_CREATION_PERMISSION')} field='checkbox'/>
|
||||
<FormField name="ticketNumberPermission" label={i18n('TICKET_NUMBER_RETURN_PERMISSION')} field='checkbox'/>
|
||||
</div>
|
||||
<div className="admin-panel-advanced-settings__api-keys__permissions" >
|
||||
<FormField className = "admin-panel-advanced-settings__api-keys__permissions__item" name="checkTicketPermission" label={i18n('TICKET_CHECK_PERMISSION')} field='checkbox'/>
|
||||
<FormField name="userPermission" label={i18n('USER_CREATION_PERMISSION')} field='checkbox'/>
|
||||
</div>
|
||||
<SubmitButton className="admin-panel-advanced-settings__api-keys-modal__submit-button" type="secondary">{i18n('SUBMIT')}</SubmitButton>
|
||||
</Form>
|
||||
);
|
||||
}
|
||||
|
||||
addAPIKey({name}) {
|
||||
addAPIKey({name,userPermission,createTicketPermission,checkTicketPermission,ticketNumberPermission}) {
|
||||
ModalContainer.closeModal();
|
||||
this.setState({
|
||||
error: ''
|
||||
})
|
||||
API.call({
|
||||
path: '/system/add-api-key',
|
||||
data: {name, type: 'REGISTRATION'}
|
||||
data: {
|
||||
name,
|
||||
canCreateUsers: userPermission*1,
|
||||
canCreateTickets: createTicketPermission*1,
|
||||
canCheckTickets: checkTicketPermission*1,
|
||||
shouldReturnTicketNumber: ticketNumberPermission*1
|
||||
}
|
||||
}).then(this.getAllKeys.bind(this));
|
||||
}
|
||||
|
||||
|
|
@ -173,7 +196,7 @@ class AdminPanelAdvancedSettings extends React.Component {
|
|||
API.call({
|
||||
path: '/system/get-api-keys',
|
||||
data: {}
|
||||
}).then(this.onRetrieveSuccess.bind(this));
|
||||
}).then(this.onRetrieveSuccess.bind(this))
|
||||
}
|
||||
|
||||
onDeleteKeyClick() {
|
||||
|
|
@ -189,8 +212,9 @@ class AdminPanelAdvancedSettings extends React.Component {
|
|||
|
||||
onRetrieveSuccess(result) {
|
||||
this.setState({
|
||||
APIKeys: result.data.filter(key => key['type'] === 'REGISTRATION'),
|
||||
selectedAPIKey: -1
|
||||
APIKeys: result.data,
|
||||
selectedAPIKey: -1,
|
||||
error: null
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -45,8 +45,21 @@
|
|||
padding: 5px 0;
|
||||
}
|
||||
|
||||
&__permissions {
|
||||
display: flex;
|
||||
justify-content: flex-start;
|
||||
margin-bottom: 20px;
|
||||
&__item {
|
||||
margin-right: 25px;
|
||||
}
|
||||
}
|
||||
|
||||
&-modal {
|
||||
min-width: 500px;
|
||||
|
||||
&__submit-button {
|
||||
margin-top: 20px;
|
||||
}
|
||||
}
|
||||
|
||||
&-none {
|
||||
|
|
|
|||
|
|
@ -228,7 +228,11 @@ export default {
|
|||
'DESCRIPTION_ADD_CUSTOM_TAG': 'here you can add a new custom tag',
|
||||
'DESCRIPTION_EDIT_CUSTOM_TAG': 'here you can edit a custom tag',
|
||||
'CUSTOM_FIELDS': 'Custom fields',
|
||||
|
||||
'PERMISSIONS': 'Permissions',
|
||||
'TICKET_CREATION_PERMISSION': 'Allow ticket creation',
|
||||
'TICKET_CHECK_PERMISSION': 'Allow ticket check',
|
||||
'TICKET_NUMBER_RETURN_PERMISSION' : 'Allow ticket number return',
|
||||
'USER_CREATION_PERMISSION': 'Allow user creation',
|
||||
'CHART_CREATE_TICKET': 'Tickets created',
|
||||
'CHART_CLOSE': 'Tickets closed',
|
||||
'CHART_SIGNUP': 'Signups',
|
||||
|
|
@ -395,6 +399,7 @@ export default {
|
|||
'INVALID_DEFAULT_DEPARTMENT': 'Default department choosen is invalid',
|
||||
'INVALID_SUPERVISED_USERS': 'Invalid supervised users',
|
||||
'SUPERVISOR_CAN_NOT_SUPERVISE_HIMSELF': 'Supervisor can not supervise himself',
|
||||
'NAME_ALREADY_USED': 'Name already used',
|
||||
|
||||
//MESSAGES
|
||||
'SIGNUP_SUCCESS': 'You have registered successfully in our support system.',
|
||||
|
|
|
|||
|
|
@ -14,12 +14,13 @@ use Respect\Validation\Validator as DataValidator;
|
|||
* @apiPermission staff3
|
||||
*
|
||||
* @apiParam {String} name Name of the new APIKey.
|
||||
* @apiParam {String} type Type of APIKey: "REGISTRATION" or "TICKET_CREATE"
|
||||
*
|
||||
* @apiParam {Boolean} canCreateUsers canCreateUsers determinates if the apikey has the permission to create users
|
||||
* @apiParam {Boolean} canCreateTickets canCreateTickets determinates if the apikey has the permission to create tickets
|
||||
* @apiParam {Boolean} canCheckTickets canCheckTickets determinates if the apikey has the permission to check tickets
|
||||
* @apiParam {Boolean} shouldReturnTicketNumber shouldReturnTicketNumber determinates if the apikey has the permission of returning ticket number after ticket creation
|
||||
* @apiUse NO_PERMISSION
|
||||
* @apiUse INVALID_NAME
|
||||
* @apiUse NAME_ALREADY_USED
|
||||
* @apiUse INVALID_API_KEY_TYPE
|
||||
*
|
||||
* @apiSuccess {String} data Token of the APIKey.
|
||||
*
|
||||
|
|
@ -36,10 +37,6 @@ class AddAPIKeyController extends Controller {
|
|||
'name' => [
|
||||
'validation' => DataValidator::notBlank()->length(2, 55)->alnum(),
|
||||
'error' => ERRORS::INVALID_NAME
|
||||
],
|
||||
'type' => [
|
||||
'validation' => DataValidator::in(APIKey::TYPES),
|
||||
'error' => ERRORS::INVALID_API_KEY_TYPE
|
||||
]
|
||||
]
|
||||
];
|
||||
|
|
@ -49,8 +46,10 @@ class AddAPIKeyController extends Controller {
|
|||
$apiInstance = new APIKey();
|
||||
|
||||
$name = Controller::request('name');
|
||||
$type = Controller::request('type');
|
||||
|
||||
$canCreateUsers = (bool)Controller::request('canCreateUsers');
|
||||
$canCreateTickets = (bool)Controller::request('canCreateTickets');
|
||||
$canCheckTickets = (bool)Controller::request('canCheckTickets');
|
||||
$shouldReturnTicketNumber = (bool)Controller::request('shouldReturnTicketNumber');
|
||||
$keyInstance = APIKey::getDataStore($name, 'name');
|
||||
|
||||
if($keyInstance->isNull()){
|
||||
|
|
@ -59,7 +58,10 @@ class AddAPIKeyController extends Controller {
|
|||
$apiInstance->setProperties([
|
||||
'name' => $name,
|
||||
'token' => $token,
|
||||
'type' => $type,
|
||||
'canCreateUsers' => $canCreateUsers,
|
||||
'canCreateTickets' => $canCreateTickets,
|
||||
'canCheckTickets' => $canCheckTickets,
|
||||
'shouldReturnTicketNumber' => $shouldReturnTicketNumber
|
||||
]);
|
||||
|
||||
$apiInstance->store();
|
||||
|
|
|
|||
|
|
@ -32,7 +32,6 @@ class GetAPIKeysController extends Controller {
|
|||
|
||||
public function handler() {
|
||||
$apiList = APIKey::getAll();
|
||||
|
||||
Response::respondSuccess($apiList->toArray());
|
||||
}
|
||||
}
|
||||
|
|
@ -46,7 +46,7 @@ class CheckTicketController extends Controller {
|
|||
'error' => ERRORS::INVALID_EMAIL
|
||||
],
|
||||
'captcha' => [
|
||||
'validation' => DataValidator::captcha(),
|
||||
'validation' => DataValidator::captcha(APIKey::TICKET_CHECK_PERMISSION),
|
||||
'error' => ERRORS::INVALID_CAPTCHA
|
||||
]
|
||||
]
|
||||
|
|
|
|||
|
|
@ -17,7 +17,8 @@ DataValidator::with('CustomValidations', true);
|
|||
* @apiParam {String} content Content of the comment.
|
||||
* @apiParam {Number} ticketNumber The number of the ticket to comment.
|
||||
* @apiParam {Boolean} private Indicates if the comment is not shown to users.
|
||||
* @apiParam {Number} images The number of images in the content
|
||||
* @apiParam {Number} images The number of images in the content.
|
||||
* @apiParam {String} apiKey apiKey to comment a ticket.
|
||||
* @apiParam image_i The image file of index `i` (mutiple params accepted)
|
||||
* @apiParam file The file you with to upload.
|
||||
*
|
||||
|
|
@ -67,6 +68,7 @@ class CommentController extends Controller {
|
|||
$isAuthor = $this->ticket->isAuthor($this->user);
|
||||
$isOwner = $this->ticket->isOwner($this->user);
|
||||
$private = Controller::request('private');
|
||||
$apiKey = APIKey::getDataStore(Controller::request('apiKey'), 'token');
|
||||
|
||||
if(!$this->user->canManageTicket($this->ticket)) {
|
||||
throw new RequestException(ERRORS::NO_PERMISSION);
|
||||
|
|
|
|||
|
|
@ -19,7 +19,8 @@ DataValidator::with('CustomValidations', true);
|
|||
* @apiParam {Number} departmentId The id of the department of the current ticket.
|
||||
* @apiParam {String} language The language of the ticket.
|
||||
* @apiParam {String} email The email of the user who created the ticket.
|
||||
* @apiParam {Number} images The number of images in the content
|
||||
* @apiParam {Number} images The number of images in the content.
|
||||
* @apiParam {String} apiKey apiKey to create tickets and show ticket-number created.
|
||||
* @apiParam image_i The image file of index `i` (mutiple params accepted)
|
||||
* @apiParam file The file you with to upload.
|
||||
*
|
||||
|
|
@ -48,7 +49,7 @@ class CreateController extends Controller {
|
|||
private $ticketNumber;
|
||||
private $email;
|
||||
private $name;
|
||||
|
||||
private $apiKey;
|
||||
public function validations() {
|
||||
$validations = [
|
||||
'permission' => 'user',
|
||||
|
|
@ -74,7 +75,7 @@ class CreateController extends Controller {
|
|||
if (!Controller::isLoginMandatory() && !Controller::isStaffLogged() && !Controller::isUserLogged()) {
|
||||
$validations['permission'] = 'any';
|
||||
$validations['requestData']['captcha'] = [
|
||||
'validation' => DataValidator::captcha(APIKey::TICKET_CREATE),
|
||||
'validation' => DataValidator::captcha(APIKey::TICKET_CREATE_PERMISSION),
|
||||
'error' => ERRORS::INVALID_CAPTCHA
|
||||
];
|
||||
$validations['requestData']['email'] = [
|
||||
|
|
@ -92,12 +93,10 @@ class CreateController extends Controller {
|
|||
|
||||
public function handler() {
|
||||
|
||||
///
|
||||
$session = Session::getInstance();
|
||||
if($session->isTicketSession()) {
|
||||
$session->clearSessionData();
|
||||
}
|
||||
///
|
||||
|
||||
$this->title = Controller::request('title');
|
||||
$this->content = Controller::request('content', true);
|
||||
|
|
@ -105,8 +104,9 @@ class CreateController extends Controller {
|
|||
$this->language = Controller::request('language');
|
||||
$this->email = Controller::request('email');
|
||||
$this->name = Controller::request('name');
|
||||
$this->apiKey = APIKey::getDataStore(Controller::request('apiKey'), 'token');
|
||||
|
||||
if(!Controller::isStaffLogged() && Department::getDataStore($this->departmentId)->private){
|
||||
if(!Controller::isStaffLogged() && Department::getDataStore($this->departmentId)->private) {
|
||||
throw new Exception(ERRORS::INVALID_DEPARTMENT);
|
||||
}
|
||||
|
||||
|
|
@ -132,11 +132,14 @@ class CreateController extends Controller {
|
|||
}
|
||||
|
||||
Log::createLog('CREATE_TICKET', $this->ticketNumber);
|
||||
|
||||
Response::respondSuccess([
|
||||
'ticketNumber' => $this->ticketNumber
|
||||
]);
|
||||
|
||||
|
||||
if(!$this->apiKey->isNull() && $this->apiKey->shouldReturnTicketNumber){
|
||||
Response::respondSuccess([
|
||||
'ticketNumber' => $this->ticketNumber
|
||||
]);
|
||||
}else{
|
||||
Response::respondSuccess();
|
||||
}
|
||||
}
|
||||
|
||||
private function isEmailInvalid(){
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ DataValidator::with('CustomValidations', true);
|
|||
* @apiParam {String} name The name of the new user.
|
||||
* @apiParam {String} email The email of the new user.
|
||||
* @apiParam {String} password The password of the new user.
|
||||
* @apiParam {String} apiKey APIKey to sign up an user if the registration system is disabled.
|
||||
* @apiParam {String} apiKey apiKey to sign up an user if the registration system is disabled.
|
||||
* @apiParam {String} customfield_ Custom field values for this user.
|
||||
* @apiParam {Boolean} indirectSignUp Indicates if the new User has been created by ticket/create
|
||||
*
|
||||
|
|
@ -72,7 +72,7 @@ class SignUpController extends Controller {
|
|||
|
||||
if(!$this->csvImported) {
|
||||
$validations['requestData']['captcha'] = [
|
||||
'validation' => DataValidator::captcha(APIKey::REGISTRATION),
|
||||
'validation' => DataValidator::captcha(APIKey::USER_CREATE_PERMISSION),
|
||||
'error' => ERRORS::INVALID_CAPTCHA
|
||||
];
|
||||
}
|
||||
|
|
@ -99,10 +99,6 @@ class SignUpController extends Controller {
|
|||
if (!Setting::getSetting('registration')->value && $apiKey->isNull() && !Controller::isStaffLogged(2) && !$this->csvImported) {
|
||||
throw new RequestException(ERRORS::NO_PERMISSION);
|
||||
}
|
||||
|
||||
if(!$apiKey->isNull() && $apiKey->type !== APIKey::REGISTRATION) {
|
||||
throw new RequestException(ERRORS::INVALID_API_KEY_TYPE);
|
||||
}
|
||||
|
||||
$userId = $this->createNewUserAndRetrieveId();
|
||||
|
||||
|
|
|
|||
|
|
@ -308,8 +308,8 @@
|
|||
* @apiError {String} INVALID_COLOR The color should be in hexadecimal, preceded by a '#'
|
||||
*/
|
||||
/**
|
||||
* @apiDefine INVALID_API_KEY_TYPE
|
||||
* @apiError {String} INVALID_API_KEY_TYPE Api key type is not one of the availables
|
||||
* @apiDefine INVALID_API_KEY_PERMISSION
|
||||
* @apiError {String} INVALID_API_KEY_PERMISSION Api key type is not one of the availables
|
||||
*/
|
||||
/**
|
||||
* @apiDefine MANDATORY_LOGIN_IS_DESACTIVATED
|
||||
|
|
@ -404,7 +404,7 @@ class ERRORS {
|
|||
const INVALID_CUSTOM_FIELD_OPTION = 'INVALID_CUSTOM_FIELD_OPTION';
|
||||
const UNAVAILABLE_STATS = 'UNAVAILABLE_STATS';
|
||||
const INVALID_COLOR = 'INVALID_COLOR';
|
||||
const INVALID_API_KEY_TYPE = 'INVALID_API_KEY_TYPE';
|
||||
const INVALID_API_KEY_PERMISSION = 'INVALID_API_KEY_PERMISSION';
|
||||
const MANDATORY_LOGIN_IS_DESACTIVATED = 'MANDATORY_LOGIN_IS_DESACTIVATED';
|
||||
const REGISTRATION_IS_DESACTIVATED = 'REGISTRATION_IS_DESACTIVATED';
|
||||
const INVALID_SUPERVISED_USERS = 'INVALID_SUPERVISED_USERS';
|
||||
|
|
|
|||
|
|
@ -6,25 +6,36 @@ use Respect\Validation\Rules\AbstractRule;
|
|||
|
||||
class Captcha extends AbstractRule {
|
||||
private $dataStoreName;
|
||||
private $apiKeyPermissionType;
|
||||
|
||||
public function __construct($apiKeyType = '') {
|
||||
if (in_array($apiKeyType, \APIKey::TYPES)) {
|
||||
$this->apiKeyType = $apiKeyType;
|
||||
} else if($apiKeyType) {
|
||||
public function __construct($apiKeyPermissionType = '') {
|
||||
$this->apiKeyPermissionType = $apiKeyPermissionType;
|
||||
if (in_array($apiKeyPermissionType, \APIKey::TYPES)) {
|
||||
$this->apiKeyType = $apiKeyPermissionType;
|
||||
} else if($apiKeyPermissionType) {
|
||||
throw new \Exception(\ERRORS::INVALID_API_KEY_TYPE);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public function validate($reCaptchaResponse) {
|
||||
$reCaptchaPrivateKey = \Setting::getSetting('recaptcha-private')->getValue();
|
||||
$apiKey = \APIKey::getDataStore(\Controller::request('apiKey'), 'token');
|
||||
|
||||
if (!$reCaptchaPrivateKey) return true;
|
||||
if (!$apiKey->isNull() && $apiKey->type === $apiKeyType) return true;
|
||||
|
||||
if (!$apiKey->isNull()){
|
||||
switch ($this->apiKeyPermissionType) {
|
||||
case 'TICKET_CREATE_PERMISSION':
|
||||
return $apiKey->canCreateTickets;
|
||||
case 'USER_CREATE_PERMISSION':
|
||||
return $apiKey->canCreateUsers;
|
||||
case 'TICKET_CHECK_PERMISSION':
|
||||
return $apiKey->canCheckTickets;
|
||||
}
|
||||
}
|
||||
|
||||
$reCaptcha = new \ReCaptcha\ReCaptcha($reCaptchaPrivateKey);
|
||||
$reCaptchaValidation = $reCaptcha->verify($reCaptchaResponse, $_SERVER['REMOTE_ADDR']);
|
||||
|
||||
return $reCaptchaValidation->isSuccess();
|
||||
}
|
||||
}
|
||||
|
|
@ -9,29 +9,32 @@
|
|||
|
||||
class APIKey extends DataStore {
|
||||
const TABLE = 'apikey';
|
||||
const REGISTRATION = 'REGISTRATION';
|
||||
const TICKET_CREATE = 'TICKET_CREATE';
|
||||
const TYPES = [APIKey::REGISTRATION, APIKey::TICKET_CREATE];
|
||||
const TICKET_CREATE_PERMISSION = 'TICKET_CREATE_PERMISSION';
|
||||
const USER_CREATE_PERMISSION = 'USER_CREATE_PERMISSION';
|
||||
const TICKET_CHECK_PERMISSION = 'TICKET_CHECK_PERMISSION';
|
||||
const TICKET_NUMBER_RETURN_PERMISSION = 'TICKET_NUMBER_RETURN_PERMISSION';
|
||||
|
||||
const TYPES = [APIKey::TICKET_CREATE_PERMISSION,APIKey::USER_CREATE_PERMISSION,APIKey::TICKET_CHECK_PERMISSION,APIKey::TICKET_NUMBER_RETURN_PERMISSION];
|
||||
|
||||
public static function getProps() {
|
||||
return [
|
||||
'name',
|
||||
'token',
|
||||
'type'
|
||||
'canCreateUsers',
|
||||
'canCreateTickets',
|
||||
'canCheckTickets',
|
||||
'shouldReturnTicketNumber'
|
||||
];
|
||||
}
|
||||
|
||||
public function getDefaultProps() {
|
||||
return [
|
||||
'type' => APIKey::REGISTRATION
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
public function toArray() {
|
||||
return [
|
||||
'name' => $this->name,
|
||||
'token' => $this->token,
|
||||
'type' => $this->type
|
||||
'canCreateUser' => $this->canCreateUsers,
|
||||
'canCreateTickets' => $this->canCreateTickets,
|
||||
'canCheckTickets' => $this->canCheckTickets,
|
||||
'shouldReturnTicketNumber' => $this->shouldReturnTicketNumber
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
@ -79,4 +79,5 @@ require './system/mandatory-login.rb'
|
|||
require './system/default-department.rb'
|
||||
require './user/edit-supervised-list.rb'
|
||||
require './user/get-supervised-tickets.rb'
|
||||
require './system/apikey-permissions.rb'
|
||||
# require './system/get-stats.rb'
|
||||
|
|
|
|||
|
|
@ -84,7 +84,6 @@ class Scripts
|
|||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
result['data']
|
||||
end
|
||||
|
||||
def self.closeTicket(ticketNumber)
|
||||
|
|
@ -97,12 +96,15 @@ class Scripts
|
|||
result['data']
|
||||
end
|
||||
|
||||
def self.createAPIKey(name, type)
|
||||
def self.createAPIKey(name, canCreateUsers=0, canCreateTickets=0, canCheckTickets=0, shouldReturnTicketNumber=0)
|
||||
request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: name,
|
||||
type: type
|
||||
canCreateUsers: canCreateUsers,
|
||||
canCreateTickets: canCreateTickets,
|
||||
canCheckTickets: canCheckTickets,
|
||||
shouldReturnTicketNumber: shouldReturnTicketNumber
|
||||
})
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -7,12 +7,12 @@ describe'system/add-api-key' do
|
|||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'new API',
|
||||
type: 'REGISTRATION'
|
||||
canCreateUser: 1
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
row = $database.getRow('apikey', 1, 'id')
|
||||
row = $database.getRow('apikey', 2, 'id')
|
||||
|
||||
(row['name']).should.equal('new API')
|
||||
(result['data']).should.equal(row['token'])
|
||||
|
|
@ -23,22 +23,96 @@ describe'system/add-api-key' do
|
|||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'new API',
|
||||
type: 'REGISTRATION'
|
||||
canCreateUser: 1
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('NAME_ALREADY_USED')
|
||||
end
|
||||
|
||||
it 'should not add API key if invalid type is used' do
|
||||
it 'should fail if API key size is wrong' do
|
||||
result= request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'new API2',
|
||||
type: 'REGISTRATON'
|
||||
name: 'A',
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_API_KEY_TYPE')
|
||||
(result['message']).should.equal('INVALID_NAME')
|
||||
|
||||
result= request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'APIKEYNAMEAPIKEYNAMEAPIKEYNAMEAPIKEYNAMEAPIKEYNAMEAPIKEYNAMEAPIKEYNAME',
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_NAME')
|
||||
end
|
||||
|
||||
it 'should succes with the required permissions API key' do
|
||||
result= request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'APIkey ticketnumber return',
|
||||
shouldReturnTicketNumber: 'true'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
row = $database.getRow('apikey', 3, 'id')
|
||||
|
||||
(row['can_create_users']).should.equal(0)
|
||||
(row['can_create_tickets']).should.equal(0)
|
||||
(row['should_return_ticket_number']).should.equal(1)
|
||||
(row['can_check_tickets']).should.equal(0)
|
||||
|
||||
result= request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'APIkey check tickets',
|
||||
canCheckTickets: 'true'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
row = $database.getRow('apikey', 4, 'id')
|
||||
|
||||
(row['can_create_users']).should.equal(0)
|
||||
(row['can_create_tickets']).should.equal(0)
|
||||
(row['should_return_ticket_number']).should.equal(0)
|
||||
(row['can_check_tickets']).should.equal(1)
|
||||
|
||||
result= request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'APIkey user create',
|
||||
canCreateUsers: 'true'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
row = $database.getRow('apikey', 5, 'id')
|
||||
|
||||
(row['can_create_users']).should.equal(1)
|
||||
(row['can_create_tickets']).should.equal(0)
|
||||
(row['should_return_ticket_number']).should.equal(0)
|
||||
(row['can_check_tickets']).should.equal(0)
|
||||
|
||||
result= request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'APIkey create tickets',
|
||||
canCreateTickets: 'true'
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
row = $database.getRow('apikey', 6, 'id')
|
||||
|
||||
(row['can_create_users']).should.equal(0)
|
||||
(row['can_create_tickets']).should.equal(1)
|
||||
(row['should_return_ticket_number']).should.equal(0)
|
||||
(row['can_check_tickets']).should.equal(0)
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -0,0 +1,197 @@
|
|||
describe '/system/apikey-permissions' do
|
||||
request('/user/logout')
|
||||
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
apikeycanCreateUsersToken = Scripts.createAPIKey('create users',canCreateUsers=1, canCreateTickets=0, canCheckTickets=0, shouldReturnTicketNumber=0)['data']
|
||||
apikeycanCreateTickets = Scripts.createAPIKey('create tickets',canCreateUsers=0, canCreateTickets=1, canCheckTickets=0, shouldReturnTicketNumber=0)['data']
|
||||
apikeycanCheckTickets = Scripts.createAPIKey('comment tickets',canCreateUsers=0, canCreateTickets=0, canCheckTickets=1, shouldReturnTicketNumber=0)['data']
|
||||
apikeycanReturnTickets = Scripts.createAPIKey('create and return tickets',canCreateUsers=0, canCreateTickets=1, canCheckTickets=0, shouldReturnTicketNumber=1)['data']
|
||||
|
||||
result = request('/system/disable-mandatory-login', {
|
||||
"csrf_userid" => $csrf_userid,
|
||||
"csrf_token" => $csrf_token,
|
||||
"password" => "staff"
|
||||
})
|
||||
result = request('/system/edit-settings', {
|
||||
"csrf_userid" => $csrf_userid,
|
||||
"csrf_token" => $csrf_token,
|
||||
"recaptcha-private" => "THISISVALID"
|
||||
})
|
||||
request('/user/logout')
|
||||
|
||||
it 'should fail ticket create if the apikey does not have create ticket permission' do
|
||||
result = request('/ticket/create', {
|
||||
language: 'en',
|
||||
email: 'valid@os4.com',
|
||||
name: 'validname',
|
||||
title: 'try of title Ticket',
|
||||
content: 'try of content Ticket',
|
||||
departmentId: 1,
|
||||
captcha: 'invalid captcha',
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_CAPTCHA')
|
||||
|
||||
result = request('/ticket/create', {
|
||||
language: 'en',
|
||||
email: 'valid@os4.com',
|
||||
name: 'validname',
|
||||
title: 'try of title Ticket',
|
||||
content: 'try of content Ticket',
|
||||
departmentId: 1,
|
||||
captcha: 'THISISVALID',
|
||||
apiKey: apikeycanCheckTickets,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_CAPTCHA')
|
||||
end
|
||||
|
||||
it 'should create ticket if the apikey has the correct permission' do
|
||||
result = request('/ticket/create', {
|
||||
language: 'en',
|
||||
email: 'valid@os4.com',
|
||||
title: 'ticket created with apikeycanCreateTickets',
|
||||
name: 'validname',
|
||||
content: 'content of Ticket apikeycanCreateTickets',
|
||||
departmentId: 1,
|
||||
captcha: 'INVALID',
|
||||
apiKey: apikeycanCreateTickets,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
(result['status']).should.equal('success')
|
||||
(result['data']).should.equal(nil)
|
||||
|
||||
result = request('/ticket/create', {
|
||||
language: 'en',
|
||||
email: 'valid@os4.com',
|
||||
title: 'ticket created with apikeycanReturnTickets',
|
||||
name: 'validname',
|
||||
content: 'content of Ticket apikeycanReturnTickets',
|
||||
departmentId: 1,
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
captcha: 'INVALID',
|
||||
apiKey: apikeycanReturnTickets
|
||||
})
|
||||
ticket = $database.getRow('ticket','ticket created with apikeycanReturnTickets','title')
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
(result['data']['ticketNumber']).should.equal(ticket['ticket_number'])
|
||||
end
|
||||
|
||||
it 'should fail comment ticket if the apikey permission is wrong' do
|
||||
ticket = $database.getRow('ticket','ticket created with apikeycanReturnTickets','title')
|
||||
author = $database.getRow('user',ticket['author_id'],'id')
|
||||
|
||||
result = request('/ticket/check', {
|
||||
email: author['email'],
|
||||
content: 'some comment content',
|
||||
ticketNumber: ticket['ticket_number'],
|
||||
captcha: 'INVALID',
|
||||
apiKey: apikeycanReturnTickets
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_CAPTCHA')
|
||||
|
||||
result = request('/ticket/check', {
|
||||
email: author['email'],
|
||||
content: 'some comment content',
|
||||
ticketNumber: ticket['ticket_number'],
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
captcha: 'INVALID',
|
||||
apiKey: apikeycanCreateUsersToken
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_CAPTCHA')
|
||||
|
||||
|
||||
result = request('/ticket/check', {
|
||||
email: author['email'],
|
||||
content: 'some comment content',
|
||||
ticketNumber: ticket['ticket_number'],
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
captcha: 'INVALID',
|
||||
apiKey: apikeycanCreateTickets
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_CAPTCHA')
|
||||
end
|
||||
|
||||
it 'should success comment ticket if the apikey permission is correct' do
|
||||
ticket = $database.getRow('ticket','ticket created with apikeycanReturnTickets','title')
|
||||
author = $database.getRow('user',ticket['author_id'],'id')
|
||||
|
||||
result = request('/ticket/check', {
|
||||
email: author['email'],
|
||||
content: 'some comment content',
|
||||
ticketNumber: ticket['ticket_number'],
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
captcha: 'INVALID',
|
||||
apiKey: apikeycanCheckTickets
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
end
|
||||
|
||||
it 'should fail signing up user if the apikey permission is wrong' do
|
||||
|
||||
request('/user/logout')
|
||||
result = request('/user/signup', {
|
||||
name: 'Petyr Baelish',
|
||||
email: 'littlefinger@got.com',
|
||||
password: 'Catelyn<3',
|
||||
captcha: 'INVALID',
|
||||
apiKey: apikeycanCreateTickets
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_CAPTCHA')
|
||||
|
||||
result = request('/user/signup', {
|
||||
name: 'Petyr Baelish',
|
||||
email: 'littlefinger@got.com',
|
||||
password: 'Catelyn<3',
|
||||
captcha: 'INVALID',
|
||||
apiKey: apikeycanCheckTickets
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_CAPTCHA')
|
||||
|
||||
result = request('/user/signup', {
|
||||
name: 'Petyr Baelish',
|
||||
email: 'littlefinger@got.com',
|
||||
password: 'Catelyn<3',
|
||||
captcha: 'INVALID',
|
||||
apiKey: apikeycanReturnTickets
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_CAPTCHA')
|
||||
end
|
||||
|
||||
it 'should success signing up user if the apikey permission is correct' do
|
||||
result = request('/user/signup', {
|
||||
name: 'Petyr Baelish',
|
||||
email: 'littlefinger@got.com',
|
||||
password: 'Catelyn<3',
|
||||
captcha: 'INVALID',
|
||||
apiKey: apikeycanCreateUsersToken
|
||||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
end
|
||||
end
|
||||
|
|
@ -22,7 +22,7 @@ describe'system/delete-api-key' do
|
|||
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
row = $database.getRow('apikey', 1, 'id')
|
||||
row = $database.getRow('apikey', 2, 'id')
|
||||
|
||||
(row).should.equal(nil)
|
||||
end
|
||||
|
|
|
|||
|
|
@ -2,14 +2,16 @@ describe 'system/delete-department' do
|
|||
request('/user/logout')
|
||||
Scripts.createUser('tranferguy@opensupports.com', 'transfer', 'Transfer Guy')
|
||||
Scripts.login('tranferguy@opensupports.com', 'transfer')
|
||||
|
||||
$apikey = $database.getRow('apikey',1,'id')
|
||||
|
||||
ticket1 = request('/ticket/create',{
|
||||
title: 'Transferible ticket 1',
|
||||
content: 'The north remembers',
|
||||
departmentId: 4,
|
||||
language: 'en',
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
csrf_token: $csrf_token,
|
||||
apiKey: $apikey['token']
|
||||
})
|
||||
ticket2 =request('/ticket/create',{
|
||||
title: 'Transferible ticket 2',
|
||||
|
|
@ -17,7 +19,8 @@ describe 'system/delete-department' do
|
|||
departmentId: 4,
|
||||
language: 'en',
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
csrf_token: $csrf_token,
|
||||
apiKey: $apikey['token']
|
||||
})
|
||||
ticket3 = request('/ticket/create',{
|
||||
title: 'Transferible ticket 3',
|
||||
|
|
@ -25,7 +28,8 @@ describe 'system/delete-department' do
|
|||
departmentId: 4,
|
||||
language: 'en',
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
csrf_token: $csrf_token,
|
||||
apiKey: $apikey['token']
|
||||
})
|
||||
ticket1 = ticket1['data']['ticketNumber']
|
||||
ticket2 = ticket2['data']['ticketNumber']
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
describe'/system/disable-registration' do
|
||||
request('/user/logout')
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
api_key = Scripts.createAPIKey('registrationKey', 'REGISTRATION')['data']
|
||||
api_key = Scripts.createAPIKey('registrationKey', canCreateUsers = 1)['data']
|
||||
|
||||
it 'should not disable registration if password is not correct' do
|
||||
result= request('/system/disable-registration', {
|
||||
|
|
|
|||
|
|
@ -3,11 +3,6 @@ describe'system/get-api-keys' do
|
|||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
it 'should get all API keys' do
|
||||
Scripts.createAPIKey('namekey1', 'REGISTRATION')
|
||||
Scripts.createAPIKey('namekey2', 'REGISTRATION')
|
||||
Scripts.createAPIKey('namekey3', 'REGISTRATION')
|
||||
Scripts.createAPIKey('namekey4', 'REGISTRATION')
|
||||
Scripts.createAPIKey('namekey5', 'REGISTRATION')
|
||||
|
||||
result = request('/system/get-api-keys', {
|
||||
csrf_userid: $csrf_userid,
|
||||
|
|
@ -15,11 +10,11 @@ describe'system/get-api-keys' do
|
|||
})
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
(result['data'][0]['name']).should.equal('namekey1')
|
||||
(result['data'][1]['name']).should.equal('namekey2')
|
||||
(result['data'][2]['name']).should.equal('namekey3')
|
||||
(result['data'][3]['name']).should.equal('namekey4')
|
||||
(result['data'][4]['name']).should.equal('namekey5')
|
||||
|
||||
(result['data'][0]['name']).should.equal('APIkeyToTicketget')
|
||||
(result['data'][1]['name']).should.equal('APIkey ticketnumber return')
|
||||
(result['data'][2]['name']).should.equal('APIkey check tickets')
|
||||
(result['data'][3]['name']).should.equal('APIkey user create')
|
||||
(result['data'][4]['name']).should.equal('APIkey create tickets')
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -111,7 +111,6 @@ describe'system/mandatory-login' do
|
|||
$userRow = $database.getRow('user','nonuser@os4.com','email')
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
(result['data']['ticketNumber']).should.equal($ticketRow['ticket_number'].to_i)
|
||||
($userRow['email']).should.equal('nonuser@os4.com')
|
||||
($userRow['not_registered']).should.equal(1)
|
||||
($userRow['tickets']).should.equal(1)
|
||||
|
|
@ -131,7 +130,6 @@ describe'system/mandatory-login' do
|
|||
$userRow = $database.getRow('user','nonuser@os4.com','email')
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
(result['data']['ticketNumber']).should.equal($ticketRow['ticket_number'].to_i)
|
||||
($userRow['email']).should.equal('nonuser@os4.com')
|
||||
($userRow['tickets']).should.equal(2)
|
||||
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@ describe '/ticket/add-tag' do
|
|||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
Scripts.createTag('test tag', 'orange')
|
||||
result = Scripts.createTicket('test ticket')
|
||||
|
||||
@ticketNumber = result['ticketNumber']
|
||||
Scripts.createTicket('test ticket')
|
||||
ticket = $database.getRow('ticket', 'test ticket', 'title')
|
||||
@ticketNumber = ticket['ticket_number']
|
||||
|
||||
it 'should fail if the tagId is invalid' do
|
||||
result = request('/ticket/add-tag', {
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@ describe '/ticket/comment/' do
|
|||
Scripts.createUser('commenter@os4.com', 'commenter', 'Commenter')
|
||||
Scripts.login('commenter@os4.com', 'commenter')
|
||||
|
||||
result = Scripts.createTicket
|
||||
|
||||
@ticketNumber = result['ticketNumber']
|
||||
Scripts.createTicket('Winter came and it was a disappointment','The fandom remembers')
|
||||
ticket = $database.getRow('ticket', 'Winter came and it was a disappointment' , 'title')
|
||||
@ticketNumber = ticket['ticket_number']
|
||||
|
||||
it 'should fail if invalid token is passed' do
|
||||
result = request('/ticket/comment', {
|
||||
|
|
|
|||
|
|
@ -181,18 +181,19 @@ describe '/ticket/create' do
|
|||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
result = request('/ticket/create', {
|
||||
title: 'created by staff',
|
||||
content: 'The staff created it',
|
||||
content: 'The staff created it believing this path returns the ticketnumber',
|
||||
departmentId: 1,
|
||||
language: 'en',
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
(result['status']).should.equal('success')
|
||||
ticket = $database.getRow('ticket', result['data']['ticketNumber'], 'ticket_number')
|
||||
|
||||
ticket = $database.getRow('ticket', 'The staff created it believing this path returns the ticketnumber', 'content')
|
||||
(ticket['author_id']).should.equal(nil)
|
||||
(ticket['author_staff_id']).should.equal(1)
|
||||
|
||||
$ticketNumberByStaff = result['data']['ticketNumber']
|
||||
$ticketNumberByStaff = ticket['ticket_number']
|
||||
request('/user/logout')
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -12,7 +12,9 @@ describe 'Ticket Events' do
|
|||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
ticketNumber = response['data']['ticketNumber']
|
||||
ticket = $database.getRow('ticket', 'Ticket with many events','title')
|
||||
|
||||
ticketNumber = ticket['ticket_number']
|
||||
|
||||
request('/user/logout')
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,19 @@
|
|||
describe '/ticket/get/' do
|
||||
request('/user/logout')
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
result= request('/system/add-api-key', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
name: 'APIkeyToTicketget',
|
||||
shouldReturnTicketNumber: 'true',
|
||||
canCreateTickets: 1
|
||||
})
|
||||
(result['status']).should.equal('success')
|
||||
$token = result['data'];
|
||||
|
||||
request('/user/logout')
|
||||
|
||||
Scripts.createUser('cersei@os4.com', 'cersei','Cersei Lannister')
|
||||
Scripts.createUser('not_ticket_getter@os4.com', 'not_ticket_getter','No Author')
|
||||
|
||||
|
|
@ -13,10 +27,11 @@ describe '/ticket/get/' do
|
|||
departmentId: 1,
|
||||
language: 'en',
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
csrf_token: $csrf_token,
|
||||
apiKey: $token
|
||||
})
|
||||
@ticketNumber = result['data']['ticketNumber']
|
||||
|
||||
|
||||
request('/ticket/comment', {
|
||||
ticketNumber: @ticketNumber,
|
||||
content: 'some valid comment made',
|
||||
|
|
|
|||
|
|
@ -2,14 +2,14 @@ describe '/ticket/search' do
|
|||
request('/user/logout')
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
result = Scripts.createTicket('test ticket1')
|
||||
@ticketNumber1 = result['ticketNumber']
|
||||
Scripts.createTicket('test ticket1')
|
||||
@ticketNumber1 = $database.getRow('ticket', 'test ticket1', 'title')['ticket_number']
|
||||
|
||||
result = Scripts.createTicket('test ticket2')
|
||||
@ticketNumber2 = result['ticketNumber']
|
||||
Scripts.createTicket('test ticket2')
|
||||
@ticketNumber2 = $database.getRow('ticket', 'test ticket2', 'title')['ticket_number']
|
||||
|
||||
result = Scripts.createTicket('test ticket3')
|
||||
@ticketNumber3 = result['ticketNumber']
|
||||
Scripts.createTicket('test ticket3')
|
||||
@ticketNumber3 = $database.getRow('ticket', 'test ticket3', 'title')['ticket_number']
|
||||
|
||||
$pages = 1..10
|
||||
|
||||
|
|
|
|||
|
|
@ -5,14 +5,16 @@ describe '/user/get' do
|
|||
Scripts.login('user_get@os4.com', 'user_get')
|
||||
result = request('/ticket/create', {
|
||||
title: 'Should we pay?',
|
||||
content: 'A Lannister always pays his debts.',
|
||||
content: 'A Lannister always pays his debtssss.',
|
||||
departmentId: 1,
|
||||
language: 'en',
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token
|
||||
})
|
||||
|
||||
@ticketNumber = result['data']['ticketNumber']
|
||||
ticket = $database.getRow('ticket', 'A Lannister always pays his debtssss.' , 'content')
|
||||
|
||||
@ticketNumber = ticket['ticket_number']
|
||||
|
||||
it 'should fail if not logged' do
|
||||
request('/user/logout')
|
||||
|
|
|
|||
Loading…
Reference in New Issue